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REMARKS 

In response to the Official Action mailed January 15, 2004, Applicants respectfully request 
reconsideration in view of these remarks. In this Response, no claims are added, canceled, or 
amended so that claims 1-20 remain pending. No new matter has been added. 

The present invention provides two-phase request filtering in a firewall system where the 
first phase performs initial filtering, and the second phase performs filtering in accordance with a 
protocol specific to the request. This achieves a security advantage over the prior art that does not 
provide two-phase filtering in accordance with the request protocol, since the number of Internet 
protocols is increasing, and the number of different types of attacks that can be lodged against a 
network are also increasing. 

Claims 3-4, 6-7, 14-15, and 19-20 were rejected under 35 U.S.C. 1 12, second paragraph, as 
allegedly being indefinite for failing to particularly point out and distinctly claim the subject matter 
which Applicants regard as the invention. Applicants respectfully traverse this rejection. 

The Official Action contends that there is an indeterminate difference in claim scope 
between these claims and their respective parent claims. However, this contention is erroneous 
because of the appearance of "at least one of in the independent claims, whereas the dependent 
claims recite that every enumerated element is necessary. For example, claim 1 recites the first 
phase verifies "at least one of: that the request is pursuant to a supported protocol; that a 
command of the request is allowable; that a length of the request does not exceed an allowable 
maximum for the command of the request; that characters of the request are of an allowable type. " 
By contrast, claim 3 recites simply that the first phase verifies "that the request is pursuant to a 
supported protocol; that a command of the request is allowable; that a length of the request does 
not exceed an allowable maximum for the command of the request; that characters of the request 
are of an allowable type. " Claim 3 clearly narrows the scope of claim 1 by omitting the "at least 
one of and reciting that all of the enumerated verifications are performed. Whereas any single one 
of the enumerated verifications would satisfy the first phase filtering in claim 1, all of the 
enumerated verifications are required to satisfy the first phase filtering recited in claim 3. The same 
is true with respect to claim 5 in relation to claim 6, claim 8 in relation to claim 14, and claim 17 in 
relation to claim 19. 

Moreover, the rejection is similarly erroneous with respect to the second phase filtering of 
claim 1 . Claim 1 recites filtering the request in the second phase to verify at least one o/the 
enumerated criteria. By contrast, claim 4 recites filtering the request to verify all of the enumerated 
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criteria. The same is true with respect to claim 5 in relation to claim 7, claim 8 in relation to claim 
15, and claim 17 in relation to claim 20. Thus, claims 3-4, 6-7, 14-15, and 19-20 are clearly 
narrower in scope than the claims from which they depend, respectively. Accordingly, the rejection 
of claims 3-4, 6-7, 14-15, and 19-20 is erroneous and should be withdrawn. 

The Official Action rejected claims 1-20 as unpatentable over Shwed et al. (US Patent 
5,835,726, hereinafter Shwed) in view of Jade et al. (US Patent 6,061 ,797, hereinafter Jade). That 
rejection is respectfully traversed. 

The combination of Shwed and Jade fails to teach or suggest all of the limitations of 
claims 1, 5, 8, and 17. Namely, the combination fails to teach a firewall or computerized system 
that, in a secondary phase, filters a request particular to the supported protocol to which the 
request is pursuant. The Official Action contends Shwed teaches this feature. However, Shwed 
merely discloses filtering packets in accordance with a user-defined rule base (see Abstract of 
Shwed). There is no teaching or suggestion in Shwed that packets are filtered in accordance with 
the particular protocol by which the request was made. For example, the present invention filters 
hypertext transfer protocol (HTTP) requests in accordance with HTTP, while filtering file 
transfer protocol (FTP) requests in accordance with FTP. By filtering requests in accordance 
with their native protocol, the present invention achieves an advantage over that of Shwed, which 
filters every packet in accordance with the same set of rules. Because Shwed does not consider 
the protocol of the request in filtering packets, the combination of Shwed and Jade cannot teach 
or suggest claims 1, 5, 8, and 17. 

Furthermore, the combination of Shwed and Jade fails to teach or suggest filtering a 
request in a first phase to verify only at least one of: that the request is pursuant to a supported 
protocol; that a command of the request is allowable; that a length of the request does not 
exceed an allowable maximum for the command request; that characters of the request are of an 
allowable type. The Official Action contends that Jade teaches this feature of the invention by 
verifying that a request is a valid one. However, in checking the validity of a request, Jade only 
verifies that the request is directed to a current valid entry in a trusted sockets table (see column 
4, lines 20-22 of Jade). Validity of the recipient is not one of the enumerated verifications 
performed in phase one filtering of the present invention. Accordingly, Jade does not teach at 
least one of the enumerated first phase verifications, and cannot be relied upon to support the 
first phase filtering of claims 1,5,8, and 17. 

Moreover, a feature that contributes to the robust security of the present invention is the 
division of filtering into a first phase and a second phase. Neither Shwed nor Jade teaches such a 
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division. Accordingly, there is no obvious way to combine Shwed and Jade to teach the present 
invention as suggested by the Official Action. Even if one reference teaches the first phase and 
the other reference teaches the second phase, neither of the references alone or in combination 
teaches or suggests the division of filtering into two phases, where each phase performs only the 
enumerated verifications belonging to that phase. If there exists motivation to combine Shwed 
and Jade, then the combined references only teach both of their respective filtering verifications 
in a single filtering phase, because dual-phase filtering is neither present nor suggested in either 
reference. 

The combination of Shwed and Jade cannot teach or suggest all of the features of claims 
1, 5, 8, and 17 because neither reference teaches nor suggests filtering a request particular to the 
supported protocol to which the request is pursuant. Nor do the references teach or suggest any 
of the enumerated verifications of the first filtering phase. Most prominently, neither reference 
teaches or suggests two-phase filtering at all, regardless of which verifications are performed. 
The Official Action cannot point to any suggestion or motivation in the references or prior art 
suggesting dividing firewall filtering into two phases. Thus, the rejection should be withdrawn. 

The rejection of claims 3-4, 6-7, 14-15, and 19-20 is not supported with respect to Shwed 
and Jade. Those claims, which are narrower in scope than their parent claims, are patentable over 
Shwed and Jade. For example, neither reference discloses verifying that the length of a request does 
not exceed the allowable maximum for the command of the request. If the obviousness rejection of 
claims 3-4, 6-7, 14-15, and 19-20 is maintained, Applicants respectfully request an explanation for 
the rejection, other than being dependent upon a presently rejected base claim. Otherwise claims 
3-4, 6-7, 14-15, and 19-20 should be indicated as allowable. 

Claim 12 was rejected without support. Applicants respectfully request an explanation 
for this rejection too, other than being dependent upon a presently rejected base claim. 

In summary, Shwed and Jade fail to teach or suggest all of the features of each of claims 
1, 5, 8, and 17, as well as their respective dependent claims. There is no motivation to combine 
the cited references in the manner posited by the Official Action. A prima facie case of 
obviousness has not been established, and the rejection should be withdrawn. 
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Favorable reconsideration of the application in view of these remarks is earnestly 
solicited. 



Respectfully submitted, 




A. Wesley Ferrebee, Reg. No. 51,312 

LEYDIG, VOIT & MAYER 

700 Thirteenth Street, N.W., Suite 300 



Washington, DC 20005-3960 
(202) 737-6770 (telephone) 
(202) 737-6776 (facsimile) 

Date: V//S/04 
AWF:tps 



Amendment or ROA - Regular (Revised 9/03/03) 
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